单击 Gmail 中的链接是否会发送引用标头? [英] Does clicking a link in Gmail send a referer header?

问题描述

这主要是出于隐私考虑.如果我在 Gmail(或任何其他电子邮件提供商)上打开一封包含网站链接的电子邮件，然后我最终点击了该链接，Gmail 会发送引荐来源网址吗?(即，目标网站会知道我来自 Gmail 吗?他们会知道我点击链接时使用的电子邮件地址吗?)

This is mainly for privacy concerns. If I open up an email on Gmail (or any other email provider) containing a link to a website and I end up clicking on the link, does Gmail send out a referer header? (ie. Will the destination website know that I came from Gmail? And would they know the email address that I was using when I clicked on the link?)

最后，如果他们这样做了，有什么办法可以禁用它?

Lastly, if they do, is there any way to disable it?

推荐答案

不，如果你使用 gmail 的 web 界面，不会设置referrer header，但目的地可能仍然会猜测你来自 gmail.

No, if you use gmail's web interface referrer header won't be set, but destination may still guess that you came from gmail.

点击 gmail 中的 http://example.com/something 链接时会发生以下情况:实际目的地更改为 GET https://www.google.com/url?hl=en-GB&q=http://example.com/something&source=gmail&ust=TIMESTAMP&usg=HASH.作为对这个 HTTP GET 的回复，google.com 回复 302 Moved 并带有 Location标头重定向到实际链接:Location: http://example.com/something.处理此回复时，chrome 将请求如下内容:

Here's what happens when you click http://example.com/something link in gmail: actual destination is changed to GET https://www.google.com/url?hl=en-GB&q=http://example.com/something&source=gmail&ust=TIMESTAMP&usg=HASH. In reply to this HTTP GET google.com replies 302 Moved with Location header to redirect to actual link: Location: http://example.com/something. When processing this reply chrome will request something like this:

GET /something HTTP/1.1
Host: example.com
... regular headers ...
X-Client-Data: %HASH%

如果您通过在地址栏中键入 URL 来发出请求，则请求将是相同的，但不会有 X-Client-Data 标头.似乎这个 X-Client-Data 标头是由 Chrome 在访问 Google 服务器时设置的，并且在使用非 Chrome 浏览器时似乎没有设置这样的标头.如果您以隐身/私人模式打开浏览器并单击 gmail 中的该链接，则未设置 X-Client-Data 标头，并且在服务器端看起来好像您在地址栏中键入了 URL直接.

If you make that request by typing the URL in address bar the request will be identical except there won't be that X-Client-Data header. It seems that this X-Client-Data header is set by Chrome while accessing Google servers and it seems that no such header is set when using non-chrome browsers. If you open your browser in incognito/private mode and click that link in gmail then X-Client-Data header isn't set and on server side it looks as if you typed the URL in your address bar directly.

这篇关于单击 Gmail 中的链接是否会发送引用标头?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！